On Fri, 18 Mar 2005 20:11:29 +1100
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> This patch makes ipt_TCPMSS use the correct MTU value for clamping.
> This is a bit tricky actually since TCPMSS can be used in FORWARD,
> LOCAL_OUT as well as POST_ROUTING.
>
> In the first two cases we haven't performed IPsec yet so dst_mtu
> obviously does the right thing. As it is, POST_ROUTING is performed
> after xfrm_output so MSS clamping is useless there.
>
> With Patrick's IPsec netfilter stuff, there will be a POST_ROUTING
> processing before IPsec processing, in which case dst_mtu also returns
> exactly what we want.
>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Applied, thanks Herbert.
> BTW Patrick, how is the IPsec netfilter stuff going?
That boy is seriously backlogged, so I'm not sure how much time
he's gotten to work on that yet.